Project name:
PS- FP7-ICT-2011-8-Intelligent security system for the custody of digital information (11 ES 24E1 3NE0)
Description:
A Spanish SME is looking for partners for an FP7-ICT-2012-8 project to develop an intelligent security system based on the storage of logs. The system offers a registration and event management service that guarantees the chain of custody of digital evidence, so that the evidence remains valid and can be brought before a court.
The partner requested must have experience in the chain of custody of digital evidence.
Because there is no standardized forensic model that ensures chain of custody and the localisation of certain types of files that can be transferred, an innovative intelligent security system needs to be developed to solve this problem. The system developed in this project will provide a complete description of all transactions occurring in the system, thus achieving a solid chain of custody.
The registration and event management system (or event logger) will record all information on events related to specific applications (logs) and will implement a series of security mechanisms to ensure the integrity and authenticity of files and logs.
These logs will include information on the action taken, the identification of the file (hashing), the user who performed the action, the time at which the activity was performed (time stamping) and the place from which it was performed (geolocation). In addition, the logs will also store metadata referring to the file and its contents, which will allow the use of semantic technologies to facilitate their search and use by non-technical people.
To improve the reliability of the chain of custody, the project will propose a process model that includes a standard such as AFF4 (Advanced Forensic Format) or RDF (Resource Description Framework), which allows large amounts of metadata to be stored and managed and enables interoperability between different systems.
The model defines how the system will work through five steps:
1. Acquisition
2. Identification
3. Storage
4. Evaluation
5. Presentation
In the first step, the system captures the logs from the different hosts connected to it. Through an agent installed on every host, which provides a private HSM (Hardware Security Module), the system signs the logs to ensure the integrity and origin of the events. The signed logs are then sent to the identification stage.
After the acquisition of the data, the next module identifies the physical and logical contexts of the stored data and content files, ensuring the chain of custody through a certification entity.
Once identification is done, the logs are stored. The storage operation is divided into different functionalities: indexation (to ensure efficient and fast searches), encryption (for confidentiality; integrity is provided by the signatures applied at acquisition), an archiving retention policy (to manage the storage hierarchy) and compression (to use as little space as possible at the different levels of the storage hierarchy).
The Evaluation phase is performed by the Complex Event Processing in Real Time module (CEPIRT). This module is the intelligence of the system: it provides security by monitoring and correlating the data to detect any abnormality and raises an alarm to report the anomaly. The system will be able to learn from past experience and provide an incident predictor, which applies appropriate operational policies based on the identified risk and generates alarms according to the degree of priority assigned in advance.
Through the last module, the system presents the results obtained in a way that a non-technical person can understand what happened. It generates reports on the digital evidence stored in the logs, which can be analysed to obtain information on the recorded activity, making it possible to test their judicial usability.
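The acquisition and storage steps above describe a signed log record carrying a file hash, user, timestamp and geolocation. The following is an added example, not code from the proposal or the project, showing what such a record and its verification could look like: each entry is linked to the previous entry's signature, so that editing, deleting or reordering entries is detected. The agent key, the event data and the case identifiers are constructed for illustration, and HMAC-SHA256 stands in for the HSM-backed signature so that the example runs with the standard library alone.

```python
import hashlib
import hmac
import json
from typing import Dict, List, Optional

# Hypothetical per-host agent key. In the proposed system the signing key would
# live in the agent's HSM and the signature would be asymmetric; HMAC-SHA256 is
# used here only so the example runs with the Python standard library.
AGENT_KEY = b"example-agent-key-not-for-production"

# Marker used as the "previous signature" of the first entry in a chain.
GENESIS = "genesis"


def sha256_hex(data: bytes) -> str:
    """Hash used to identify file contents (the 'hashing' field of the log)."""
    return hashlib.sha256(data).hexdigest()


def canonical(body: Dict) -> bytes:
    """Deterministic JSON so signer and verifier authenticate identical bytes."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def sign(body: Dict, key: bytes = AGENT_KEY) -> str:
    return hmac.new(key, canonical(body), hashlib.sha256).hexdigest()


def make_entry(prev_sig: str, action: str, file_bytes: bytes, user: str,
               timestamp: str, lat: float, lon: float, metadata: Dict) -> Dict:
    """Build one signed log entry. Linking to the previous entry's signature
    means deleting or reordering entries is detected, not just editing them."""
    body = {
        "prev": prev_sig,
        "action": action,
        "file_hash": sha256_hex(file_bytes),
        "user": user,
        "timestamp": timestamp,            # would come from a trusted time source
        "geolocation": {"lat": lat, "lon": lon},
        "metadata": metadata,              # descriptive metadata for semantic search
    }
    return {"body": body, "sig": sign(body)}


def verify_chain(entries: List[Dict], key: bytes = AGENT_KEY) -> Optional[int]:
    """Return the index of the first entry that fails, or None if the whole
    chain is intact (every signature valid and every link unbroken)."""
    prev = GENESIS
    for i, entry in enumerate(entries):
        body = entry["body"]
        if body["prev"] != prev:
            return i                      # link broken: entry removed, reordered or inserted
        if not hmac.compare_digest(sign(body, key), entry["sig"]):
            return i                      # body altered after signing, or wrong key
        prev = entry["sig"]
    return None


def build_sample_chain() -> List[Dict]:
    """Constructed sample: three custody events for one evidence file."""
    evidence = b"disk-image-of-seized-laptop (constructed placeholder bytes)"
    e1 = make_entry(GENESIS, "acquire", evidence, "analyst.ana",
                    "2012-01-10T09:15:00Z", 40.4168, -3.7038,
                    {"case": "constructed-case-001", "type": "disk-image"})
    e2 = make_entry(e1["sig"], "copy", evidence, "analyst.ana",
                    "2012-01-10T09:40:00Z", 40.4168, -3.7038,
                    {"case": "constructed-case-001", "dest": "lab-storage"})
    e3 = make_entry(e2["sig"], "read", evidence, "expert.bea",
                    "2012-01-12T14:02:00Z", 41.3874, 2.1686,
                    {"case": "constructed-case-001", "purpose": "report"})
    return [e1, e2, e3]


def with_altered_user(entries: List[Dict], index: int, new_user: str) -> List[Dict]:
    """Copy of the chain in which one entry's 'user' was edited after signing."""
    altered = json.loads(json.dumps(entries))   # deep copy of plain JSON data
    altered[index]["body"]["user"] = new_user
    return altered


if __name__ == "__main__":
    chain = build_sample_chain()
    print("intact chain  ->", verify_chain(chain))                                   # None
    print("edited user   ->", verify_chain(with_altered_user(chain, 1, "mallory")))  # 1
    print("entry removed ->", verify_chain(chain[:1] + chain[2:]))                   # 1
```

With a real HSM the `sign` function would be replaced by an asymmetric signature produced inside the module, so that the verifier (and the court) only needs the agent's public key and never a shared secret; the chaining and canonical encoding stay the same.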
Technical Specifications / Specific technical requirements:
The project proposal is going to be submitted to Objective ICT-2012.1.4 Trustworthy ICT: part b) Trust, eIdentity and Privacy management infrastructures.
The budget and the requested EU funding are not yet defined and will be set once the definitive consortium is complete.
The partners involved have to develop the following tasks:
- Monitoring and correlation of data from logs to develop a trustworthy security system.
- Indexation methods: research on existing indexation/search engines to define which method is the fastest and most efficient for log queries.
- Encryption algorithms: research into the different algorithms to define the most appropriate method for the system.
- Complex Event Processing: research focused primarily on associating the real-time paradigm with CEP.
- Self-learning algorithms to ensure the system takes feedback from its own experience, using Artificial Intelligence algorithms.
- Semantic search algorithms and methods, to provide fast and efficient search over the large amount of logs stored.
Partner requirements:
Requested Cooperation: Joint further development
- Type of partner sought:
Technological organization (company, R&D performer, research institute...)
End-user: legal organization with experience in the chain of custody of digital evidence
- Specific area of activity of the partner:
Information and Communication Technologies: cryptography, semantic technologies, Artificial Intelligence algorithms, hardware security, Complex Event Processing.
Legal Informatics, the law
- Task to be performed by the partner sought:
Research into the chain of custody of digital evidence and analysis of European legislation.
Research and development of cryptographic algorithms.
Development of Complex Event Processing in Real Time tool.
Research and development of semantic search methods.
Company / natural person:
Technologické inovační centrum s.r.o.
Registered office / place of business:
Vavrečkova 5262
760 01 Zlín
Contact person:
Lenka Kostelníková
Email:
Telephone:
+420 739 570 792
